Start federation by going to the SP as follows:
http://10.10.107.100:7777/fed/user/testspsso
On the Initiate Federation SSO page, click Start SSO.
This directs the page to the IdP at:
http://serverA:7777/fed/idp/samlv20
On the login screen, enter a username and password that exists in the IdP:
Error 500--Internal Server Error |
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:10.5.1 500 Internal Server ErrorThe server encountered an unexpected condition which prevented it from fulfilling the request. |
And on the server hosting the OIF SP services, the wls_oif1-diagnostic.log shows the following:
[2014-09-24T15:48:57.688-04:00] [wls_oif1] [ERROR] [FED-15011] [oracle.security.fed.eventhandler.profiles.sp.sso.assertion.Saml20AssertionProcessor] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0050xJtWyGm5Yb^pxSt1iW0000jy0000E2,0:1] [APP: OIF#11.1.1.2.0] [URI: /fed/sp/authnResponse20] Cannot find the authentication request associated with the assertion.
[2014-09-24T15:48:57.692-04:00] [wls_oif1] [ERROR] [FED-12064] [oracle.security.fed.controller.ActionStateMachine] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0050xJtWyGm5Yb^pxSt1iW0000jy0000E2,0:1] [APP: OIF#11.1.1.2.0] [URI: /fed/sp/authnResponse20] Exception: {0}[[
oracle.security.fed.event.EventException: Could not find the AuthnRequest associated to the Assertion
at oracle.security.fed.eventhandler.profiles.sp.sso.assertion.Saml20AssertionProcessor.checkSubjectConfirmation(Saml20AssertionProcessor.java:1178)
at oracle.security.fed.eventhandler.profiles.sp.sso.assertion.Saml20AssertionProcessor.processAssertion(Saml20AssertionProcessor.java:333)
at oracle.security.fed.eventhandler.profiles.sp.sso.v20.ProcessResponseEventHandler.perform(ProcessResponseEventHandler.java:233)
at oracle.security.fed.controller.ActionStateMachine.processEvent(ActionStateMachine.java:141)
at oracle.security.fed.controller.EventControllerImpl.processEvent(EventControllerImpl.java:118)
at oracle.security.fed.controller.ApplicationController.publishEvent(ApplicationController.java:425)
at oracle.security.fed.controller.web.action.RequestHandlerContext.publishEvent(RequestHandlerContext.java:48)
at oracle.security.fed.controller.web.action.RequestHandlerSupport.perform(RequestHandlerSupport.java:15)
at oracle.security.fed.controller.ApplicationController.processServletRequest(ApplicationController.java:321)
at oracle.security.fed.controller.web.servlet.FederationServlet.doGet(FederationServlet.java:151)
at oracle.security.fed.controller.web.servlet.FederationServlet.doPost(FederationServlet.java:98)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:460)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:163)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
]]
The main error being "oracle.security.fed.event.EventException: Could not find the AuthnRequest associated to the Assertion". This has to with the how the JSESSIONID is set by the IdP and transferred to the SP. According to Oracle Support Doc ID: 1067769.1 amongst other things, make sure that all access to the OIF use FQDN.
Once the request http://10.10.107.100:7777/fed/user/testspsso was changed to http://serverB:7777/fed/user/testpsso, everything worked as shown below:
